mirror of
https://github.com/agent0ai/agent-zero.git
synced 2026-07-09 17:08:29 +00:00
Add comprehensive file-level DOX documentation across the repo and update directory AGENTS.md indexes. Many new `*.py.dox.md` files were added under api, helpers, tools, plugins, extensions, webui, and other dirs to document endpoint purpose, ownership, runtime contracts, work guidance, and verification. Several AGENTS.md files were created or updated (agents profiles, api, docker, extensions, helpers, plugins, skills, webui components, etc.) to list child DOX files and clarify documentation/work guidance. Also add example and bundled profile DOX files (agent0, default, developer, hacker, researcher) and minor updates to helpers/dirty_json.py and its tests. These changes improve on-disk documentation coverage and establish the convention that each direct runtime file should have a matching `*.dox.md` describing its contracts and verification steps.
2.6 KiB
2.6 KiB
API Handlers DOX
Purpose
- Own backend HTTP API handlers and WebSocket handler entry points.
- Keep route-level behavior, authentication, CSRF, input parsing, and response shapes explicit.
Ownership
- Files in this directory are discovered by the route registration layer in
helpers/api.pyand WebSocket registration code. ws_*.pyfiles define WebSocket namespaces or handlers throughhelpers.ws.WsHandler.- Plugin-provided API handlers belong inside plugin
api/folders and follow the same base contracts.
Local Contracts
- HTTP handlers must derive from
helpers.api.ApiHandler. - Implement
async def process(self, input: dict, request: Request) -> dict | Response. - Override
get_methods(),requires_auth(),requires_csrf(),requires_api_key(), orrequires_loopback()only when the endpoint contract requires it. - Keep CSRF and authentication protections intact for browser-facing state-changing endpoints.
- WebSocket handlers must derive from
helpers.ws.WsHandlerand validate event data before using it. - Do not return secrets, raw environment values, private files, or unfiltered exception details to clients.
- This directory is a file-documented DOX profile: every direct
*.pyendpoint or WebSocket module must have a same-directory*.py.dox.mdfile named by appending.dox.mdto the full Python filename. - The
*.py.dox.mdfile owns endpoint purpose, request/response concepts, auth/CSRF/API-key/loopback assumptions, side effects, important helper dependencies, and verification guidance. - When a Python endpoint is added, removed, renamed, or behaviorally changed, update its matching
*.py.dox.mdin the same change. - Do not leave stale file-level DOX after endpoint deletion or rename.
Work Guidance
- Use helpers for shared behavior instead of duplicating persistence, auth, file, project, plugin, or notification logic in endpoints.
- Keep request and response payloads stable; update frontend callers and tests together when payloads change.
- Prefer
Responsefor files, redirects, status codes, and plain-text errors; return dictionaries for JSON success payloads. - During the DOX pass, verify that every direct
*.pyfile has a matching*.py.dox.mdand that changed endpoint behavior is described there.
Verification
- Run targeted
pytest tests/test_*api*.py, endpoint-specific tests, or WebSocket tests after changing handler behavior. - For auth, CSRF, upload/download, tunnel, or file endpoints, run the nearest security regression tests.
- Check file-level documentation coverage with a script or shell loop that verifies each
api/*.pyhas a matchingapi/*.py.dox.md.
Child DOX Index
No child DOX files.